Survey: Some Employees at Global Firms Would Sell Passwords for $150

Enterprise security professionals worried that their systems and data could be vulnerable to “inside hacks” have another good reason for concern. A survey of 1,000 employees at large global organizations found one-in-seven admit they would sell passwords to outsiders for as little as $150. IDN explores the Market Pulse Survey from SailPoint.

Tags: AIM, cloud, identity, password, policy, SailPoint, SSO, security

Enterprise security professionals worried that their systems and data could be vulnerable to “inside hacks” have another good reason for concern.


The just-released Market Pulse Survey from SailPoint polled 1,000 employees at large global organizations, and found one-in-seven employees admit they would sell passwords to outsiders for as little as $150. This is the 7th annual survey released by SailPoint, a provider of on-premises and cloud identity management software.


Even when employees aren’t criminal-minded, their “lax” approach to password management is also a hazard.


SailPoint’s survey found these troubling stats:

  • 20% of employees (one-in-five) say they “routinely share” their usernames and passwords for corporate apps with other members of their teams.
  • 56% say they might use the same passwords to access different corporate apps and data.
  • 14% of admins use the same password across all apps.

The findings suggest poor password controls are causing huge security vulnerabilities across larger companies, and putting corporate resources and customer data at risk, according to SailPoint founder and president Kevin Cunningham.


SailPoint also points out that as more enterprises adopt cloud-based SaaS apps, their vulnerabilities increase. A SailPoint blog post from Cunningham puts it this way:

Unfortunately, this stat shows that IT organizations are slow to incorporate the SaaS environment into their overall IAM strategy. Not surprising since SaaS applications are often adopted without IT even being involved. Obviously, this is not sustainable and needs to be addressed in order to reduce the risk associated with SaaS utilization. Importantly, SaaS applications should and need to be managed in context with other enterprise assets as part of a holistic identity strategy, not as a siloed application space.

A troublesome example: any passwords employees may be selling might not be their own, but someone else’s that they have been using, according to the survey’s conclusions.

“Employees may have moved away from the post-it note password list, but using the same password across personal and work applications exposes the company,” Cunningham said in a statement.


Many, if not all, of the headline-grabbing breaches of consumer data in 2014 required users to change their social media passwords. If those compromised passwords had been used to access corporate apps, hackers would have been able to access corporate networks as well, he added.


“Password reuse poses a significant risk to any organization. But the good news is that there are solutions that can quickly address the problem,” according to Cunningham.


To help companies protect sensitive business data, SailPoint is combating this growing challenge by offering a “trade-in” program for legacy password management solutions.


Through June 2015, SailPoint will replace a company’s legacy password management tool with its cloud-based IdentityNow Password Management Service for less than what that company is paying annually for support and maintenance, according to the company’s offer.


From the cloud, IdentityNow delivers single sign-on, password management, provisioning, and access certification services for cloud, mobile, and on-premises applications. As a critical component of the enterprise IT infrastructure, IdentityNow is architected to meet the most stringent security, scalability, performance and availability requirements.


IdentityNow features include:

  • An intuitive, self-service password reset portal to increase user productivity through self-service reset and password change options
  • Mobile/off-network and desktop support to cut operational costs and reduce helpdesk calls relating to password requests
  • Centralized access policies and controls that boost security through consistent enforcement of strong password policies to unify and centralize password management across data center and cloud resources
  • Password intercept and synch to improve user satisfaction by automatically synchronizing password changes across all on-premises and cloud-based apps
  • Integrated single sign-on to reduce reliance on application-specific passwords while making it easier for users to access their apps

SailPoint also offers IdentityIQ, governance-based IAM software that lets companies centralize identity data and policies. This unified approach supports compliance, password management, automated provisioning and access request management. As a result, organizations can gain the control to proactively manage the risks associated with worker access to sensitive data and strengthen access management practices.


IdentityIQ works with apps running on-premises or from the cloud.